Toronto Talks Integrity 2005

  1. Toronto Talks Integrity, February 15 2005. Integrity in Business. Carolyn L Burke, MA, CISSP, CISM, CEO, Integrity Incorporated
  2. Typical Scary Story
       • Lexus cars may be vulnerable to viruses that infect them via mobile phones.
       • Landcruiser models LX470 and LS430 have been discovered with infected operating systems that transfer within a range of 15 feet.
  3.
       • There isn't a virus on the loose. YET.
       • New urban legend. But it got me thinking.
  4. How do we prevent this scenario from occurring? Back up a step...
  5.
       • John reminded me to send in this talk a few weeks ago.
       • I was hesitating... And I suddenly figured it out.
  6. Toronto Talks
       • 4 years ago, I spoke here on peer-to-peer networks, before most folks knew what these were.
  7. Peer-to-peer
       • Now, MP3s, Kazaa, Napster are household names.
       • File sharing runs rampant!!
       • Emerging need for new forms of security.
  8. Security
       • Worms and viruses travel over P2P networks, over instant messenger clients, over mobile phones.
       “Could you wait just a little before you infect my computer? I need to get this done.”
  9. More to secure
       • Bluetooth-enabled devices potentially subject to ‘bluejacking’
       • Proof of concept virus on the loose
  10. Your car
       • The Lexus is bluetooth enabled!
       • What could bluetooth control in the car?
       • What can the car connect to?
       • What can connect to it?
  11. remote steering connectivity danger!
  12. What’s the problem?
  13. Ubiquitous computing. Ubiquitous malware.
       • Viruses, worms, and yet unidentified forms of malware will follow.
           • Into cars and their control systems.
           • Into mobile phones and digital cameras.
           • Into sunglasses and satellites.
           • Into pacemakers and nuclear controls.
  14. “Defend the Perimeter?”
  15. But where is the perimeter?
       • The perimeter will expand into
           • biotechnology computation
           • nanotech computation
           • DNA assembling circuits
       • We've barely scratched the surface in the security and privacy sectors designing protection systems. And we're in a race to do so.
  16. Security is
       • A never ending race.
       • Today, it's your car.
       • Tomorrow, it will be your heart.
       • And soon perhaps, your thoughts.
  17. The pattern
       • computer scientists
           • hardware and software
       • psychologists
           • wetware
       • geneticists
           • dna
  18. Control
       • Contain and control information and its practical applications.
       • Areas are merging at the nano level AND macro level.
  19. Stepping back
       • Need a broader look at the issues
       • Computer security is more than just 'securing the perimeter' - i.e. locking your doors and arming the alarm.
       • We need embedded, decentralized security too. Ubiquitous security.
  20. It's about INTEGRITY
       • in the stuff we build or buy
       • in the way we use that stuff and maintain it
       • in the people around us
       • in the organizations around us
       • in our communications and the systems used for them
  21.
       • integrity in our hearts ...
       • In the knowledge that our biological self will function according to the spec.
       • In the knowledge that our personal and professional values will and can be retained.
  22. Integrity
       • INTEGRITY is not just good security.
       • It's the act of balancing our own principles with worldly situations that arise.
  23. Integrity
       • Integrity isn't an inflexible set of beliefs.
       • It's the wisdom and courage to act in the world while fostering our heartfelt principles.
  24. So how do we behave with integrity in business?
  25. Stepping further back
       • Let's look at leadership.
           • Charismatic leader
           • Procedural leader
           • Administrative leader
  26. CHARISMA
       • Start-up CEOs
           • often high charisma charmers
           • they solve problems and lead people through character
           • the company is a monarchy.
       • The cult of the charismatic leader.
  27. PROCEDURES
       • A mature company is driven by leaders who
           • Teach and foster the management teams.
           • Leave senior people autonomy to run their divisions accountably.
           • Roles, responsibility delineated in advance.
       • The CEO remains an authority figure, but is approachable, reasonable, and influenced by good input.
  28. ADMINISTRATION
       Look farther down the curve though. These companies run like successful, well-oiled machines. How? Through
           • Standardization
           • Auditing
           • Control functions
           • ISO certifications
           • Best practices
           • Everyone knows their roles.
           • Procedures are clear.
       • The CEO is a darn good administrator of an effective system.
  29. So leadership plays a role
       • In each model, the CEO is essential.
       • But in a well-oiled machine, communication is not only top-down.
       • Creativity has room in every role.
       • And behaviour is governed and predictable.
  30. CEOs
       • And yes, over the last 20 years, we've seen this get out of balance.
       • Celebrity CEOs dominate the news. Martha Stewart. Carly Fiorina. Conrad Black. The Enron group.
       • They are not however always at the helm of success for their companies.
  31. CEO Success
       • Success comes in reliably satisfying your market. And celebrities are not generally known for their reliability.
       • Standardization is.
       • So as remarkable as it may seem, you need to be this wonderful combination of visionary administrator. And so does your company.
  32. CEO Integrity
       • The visionary administrator needs some tools…
  33. So how do we behave with integrity in leadership? Hint: ethics and policy.
  34. Consider
       • The law, legislation, regulation, industry standards, best practices
       • Potential problems with each technology we invent and implement
       • Ethical ramifications
  35. And consider
       • Societal ramifications and the effects on our shared future
       • How to institutionalize the best of breed practices that result
       • And of course, the profitability of our decisions for our business ventures
  36. And get practical: build integrity into all aspects of your business.
  37. Bluetooth-enabled glasses (Oakley, Motorola)
  38. How - Business Documents
       • Clear vision and mission statements which state your principles / values
       • Clear business plan which incorporates your principles and values
  39. How - Policies, guidelines, procedures
       • Security
       • Privacy
       • R&D
       • Ethics
       • HR
       • CSR
       • Sustainability
       • Standards adoption
  40. How - Compliance systems
       • Audits
       • Compliance technology: monitor and log, secure, retain, report, analyze
       • Feedback systems to add checks and balances
       • Quality assurance
  41. What could Lexus do differently?
       • In-car firewalls isolate hardware from firmware and software systems
       • Plan ahead about problems integration will bring
       • Best practices in security and ethics
       • and…
  42.
       • Advance policies and R&D strategies to forge ahead while keeping the risks at bay
       • Monitor and plan for new risks that arise from new technologies
       • Do all these continuously
  43. Continuous process
       • The problem is ongoing:
           • “Security is a process.”
       • So is ethics. So is having integrity.
       • 90% of an effective solution is using governance and compliance systems to monitor and improve existing solutions.
  44. What can I do differently?
       • And this isn't about Lexus which is a new urban myth
  45. Each of us in our business day relies on the policies and practices of our organizations to guide us. Are they good enough?
  46. Our companies have mission and vision statements. Do these encompass a forward looking, proactive, AND safe view of progress?
  47. We each face ethical challenges regularly. Are the people around us trained to effectively handle ethical challenges?
  48. We are business leaders. Are you a visionary administrator or a cult figure?
  49. I mentioned satellites…
       • Are communications satellites safe-guarded from viruses or hackers?
       • [IBM Security Survey 2005]
  50. Where else are computer components embedded?
       • I want every company to:
           • comply with a code of ethics and the laws
           • use standards
           • follow industry best practices
           • audit their processes
  51. So what are you doing to safeguard your customers? How do you plan to embed protection systems into your products / services?
  52. Integrity
       • The use of values or principles to guide action in the situation at hand.
       • Know your leadership values & principles.
       • Situations will present themselves.
       • What kind of leader are you?
  53. Exercise in Integrity
       • Clearly state your personal values and principles. Highlight them in:
           • your company mission and vision
           • your business plan
           • your policies, procedures, and practices
           • your leadership style
       • Do they align?
  54. Q & A www.integrityincorporated.com
  55. Your car key
       • Matthew Green starts his 2005 Ford Escape with a duplicate key he had made at the corner store.
  56. Key cracking
       • This Johns Hopkins University team recently cracked the security behind “immobilizer” systems
       • Used in millions of Fords, Toyotas and Nissans.
  57. How to steal a car
       • Extract data from the key by standing near the owner
       • An hour of computing
       • A few minutes to break in, feed the key code to the car, and hot-wire it.
  58. Ubiquitous. Embedded.
       • Embedded computing is supposed to augment a car’s protection.
       • Tool kits which duplicate key cracking will become available to download.
  59. Is your car safe to drive?
  60. Is the car still in the driveway!
  61. Resources http://linkingINTEGRITY.blogspot.com
       • P2P overview: … /2005/02/guide-to-peer-to-peer.html
       • Bluetooth glasses: … /2005/02/motorola-and-oakley-introduce-first.html
       • DNA circuit assembly: … /2005/02/dna-assembled-computer-circuits.html
       • Bill Gates on Interoperability: http://go.microsoft.com/?linkid=2153987
       • Integrity Incorporated: http://www.integrityincorporated.com/subscribe.aspx
  62. Toronto Talks Integrity, February 15 2005. Carolyn L Burke, MA, CISSP, CISM, CEO, Integrity Incorporated
